Water systems hacked in Illinois and Texas

The Illinois Statewide Terrorism and Intelligence Center revealed last week that earlier this month a hacker shut down a pump at a central Illinois water utility serving 2,200 customers. The event is a stark reminder of the vulnerability of our critical infrastructure, most of which is operated via remote software called SCADA, to cyber attack.

The attack, which appears to have originated in Russia, seems to be the first foreign cyber attack on US critical infrastructure. The event highlights the double edged nature of an increasingly automated water distribution infrastructure: on the one hand, advanced SCADA systems have increased operational efficiency; on the other, public health and safety is at risk to cyber attacks.

The water utility in question has not been named, only described as a small rural utility in central Illinois. The attackers gained access to the utility's system by lifting passwords from a SCADA software development company, and began cycling a water pump off and on until it failed, on November 8. Back up pumps activated automatically, preventing disruption of water service.

The FBI and Department of Homeland Security are investigating the incident. A bit absurdly, DHS has downplayed the attack, stating that 'there is no credible corroborated data that indicates a risk to critical infrastructure entities or a threat to public safety.' This notion did not sit well with a hacker called Prof, who posted on Pastebin a scathing rebuke of what he considers the malaise with which the DHS is responding to the event and critical infrastructure protection in general. He writes: "I dislike, immensely, how the DHS tend to downplay how absolutely f***** the state of national infrastructure is."

To prove the vulnerability of SCADA systems and twist the proverbial blad, he claimed to have accessed the South Houston Wastewater Department's SCADA system, posting screen shots of the software program to prove it. In a final twist, he says that the hack required 'no skill' and could be 'reproduced by a two year old.' The FBI and DHS are now also investigating this incident, the purpose of which, Prof claims, is to simply prove a point, not cause harm.

Representative Jim Langevin (D-R.I.), co-founder of the House Congressional Cybersecurity Caucus co-founder Jim Langevin (D-R.I.), and Prof are on the same page when it comes to their distaste for the seemingly lackadasical approach to combating cyber attacks at critical infrastructure facilities.

To The Hill, Rep. Langevin stated: "I'm greatly concerned about security of our critical infrastructure and its vulnerability to a cyber attack.....We have a lot of work to do and I don't think that the owners and operators of the electric grid in particular or water and sewer treatment plants are taking this threat seriously enough. But the potential attack that took place in Springfield, Illinois, should be a real wake-up call."

Rep. Langevin, in 2010, introduced a bill that would have created a National Office for Cyberspace which would 'oversee the security of agency information systems and infrastructure'. The bill passed the House but floundered in the Sentate. The EPA, who is tasked with the protection of water and wastewater infrastructure as the hauntingly Orwellian sounding Homeland Safety Presidential Directive 7, should be particularly interested in the goings on.

The embattled agency, which is likely seeing its budget cut, oversees the enforcement of various Homeland Security Directives applicable to water utilities as well as the Bioterrorism Act of 2002, which requires water utilities to prepare vulnerability assessments and develop plans to mitigate or prevent emergencies. As part of its responsibilities, EPA is required to develop what's known as a Sector Specific Plan for protecting the nation's water and wastewater infrastructure.

The latest version, published in 2010, mentions the development of a plan, called the Cybersecurity Roadmap, to enhance cybersecurity related to water and wastewater infrastructure. The Sector Specific Plan blandly states that the 'Water Sector is following the path laid out by Cybersecurity Roadmap', pointing out that several cycbersecurity workshops have been held. Workshops, however, do not make a secure SCADA infrastructure.

The incidents in Illinois and Texas should stimulate renewed focus on these cybersecurity efforts. Cyberattacks, after all, will likely grow, particularly as more systems become more automated. A key piece will be ensuring security alongside operational efficiency. Workshops may not be enough to ensure this happens. The release of the Stuxnet virus on Iranian nuclear infrastructure earlier this year, which has been linked to the US, stoked anxiety about retribution. Foreign attackers, emboldened by the use of cyber weapons by the US, would fight fire with fire and begin attacking US infrastructure. It appears this fear has come true, and the events of late indicate water is a prime and vulnerable target.

Sponsors

Recent News

What does that blue butterfly do when you are not watching. We still have to discover exactly how the Eurasian large blue exploits Myrmica ants, but many of its relatives are either cuckoos (eg. (Phengaris alcon), or outright predators like the AustralasianLiphyra brassolis larvae ,eating the whole brood of the green ants they live with. How did such diverse habits evolve? Well, start reading here.

For several years, excitement has been building over the Atlantic presence of Manta birostris and Manta cf birostris/ this is the classification system trying to tell us of a potential new species that is related to genus Manta. Little progress has been made on this W. Atlantic species of oceanic manta, but it cant be long before we can confirm new knowledge of parenting and juvenile growth in at least the main species, which seems to live alongside the potential new manta.

Ocean plastic pollution could triple in a decade without action by the ocean economy. TOMRA CEO Stefan Ranstrand responds to the UK Governments Foresight Future of the Sea report and explains how container deposit schemes and sensor-based recycling sorting could provide a solution.

Sponsored Links

Recent Blog Posts

The future is certainly renewable, but are we too late to prevent future centuries problems of global warming- and the rest! Here are some current US solutions to waste and warming for you to enjoy---there are some ads in this piece but weve allowed them for one blog only.

When dolphins are 'rescued' in various countries, the car given seems to be ill-considered. We are simply looking at the success rate which is reported to be low, in most places. They could even end up in commercial aquarium shows, but they certainly rarely make it back to the sea.